作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2008, Vol. 34 ›› Issue (22): 159-161. doi: 10.3969/j.issn.1000-3428.2008.22.055

• 安全技术 • 上一篇    下一篇

TCG命令验证协议的改进方法

康新振,王震宇,徐 锐   

  1. (解放军信息工程大学信息工程学院,郑州 450002)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-11-20 发布日期:2008-11-20

Improvement Method of TCG Command Validation Protocol

KANG Xin-zhen, WANG Zhen-yu, XU Rui   

  1. (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-11-20 Published:2008-11-20

摘要: 经过分析显示可信计算联盟(TCG)命令验证协议会受到一种基于Dolev-Yao模型的中间人攻击,对系统的可信性和安全性造成影响。针对该攻击,文章提出一种协议改进方法。在改进后的协议中,可信平台模块(TPM)和访问者能对会话状态进行有效的沟通,从而抵御中间人攻击。

关键词: 可信计算联盟, 命令验证协议, 中间人

Abstract: This paper shows that the Trusted Computing Group(TCG) command validation protocols are exposed to a Dolev-Yao Man in The Middle(MiTM) attack, which will tamper with the security and the trustworthiness of the entire system. In order to avoid such attack, this paper proposes a countermeasure which makes an effective way through which the caller and TPM can well understand the session state of each other.

Key words: Trusted Computing Group(TCG), command validation protocols, Man in The Middle(MiTM)

中图分类号: